Millennials, also known as Generation Y (after Gen X) and Generation C (for Connected), should perhaps be called Generation Leaky, at least according to some experts.
Various surveys have found that workers born between the early 1980s and early 2000s are much more concerned with productivity and convenience than security, to the point where they will ignore IT directives or work around what Adweek blogger Kimberlee Morrison called “clunky security mandates.”
That is also the view of security executive Chris Rouland, who declared in a recent Dark Reading post that Millennials “have no interest in protecting their data.
“They will pay double for organic bread,” he wrote, “… but they place seemingly no value on the integrity and security of their personal identifiable information, let alone the consequences a hack could have on their friends, families, colleagues and employers.”
He noted that the recent breaches of Yik Yak and Snapchat didn’t reduce the use of those apps. “Leaked personal photos and private information seem to not just be tolerable in this demographic, but almost expected,” he wrote.
Indeed, CSO recently reported that studies have found that some workers put more importance on sharing information about themselves than on making more money.
The security implications of such attitudes could be large. Ages 22-24 are the top three in population in the U.S. And with Boomers and Gen Xers moving toward retirement, Millennials are about to become the largest generation in the workforce.
If they really don’t care about security, it would seem they will be creating an expanded threat landscape that will be a hacker’s dream and an organization’s nightmare.
And some experts argue that it is indeed that bad, for a number of reasons:
Need for speed
Andrew Avanessian, executive vice president of consultancy and technology solutions at Avecto, notes that “Millennials are the most connected generation in history, and with that comes this new mentality where everything should be instant – information and communication at the click of a button.”
If security protocols interfere with that, they’ll go with speed and convenience. “The likely result is that they’ll bypass those settings completely, or turn to another, unsecure, platform that doesn’t have those perceived barriers,” he said.
The personal/professional merge
“Millennials link everything from financial accounts to very personal information from social media apps everywhere, on every device,” said Tom Bain, vice president of Security Strategy at CounterTack. “Sixty percent of all mobile attacks are capable of stealing money from Millennials,” he said, noting that mobile attacks globally are growing by a factor of 10 every quarter.
“So the more data that is available, mostly on mobile apps and devices, the better the opportunity for hackers to hack individuals and ride those coattails into corporate networks freely.”
Avanessian added that today’s digital workers like applications that are, “sleek, intuitive, and have the same look and feel as products they're already familiar with. This is why we see many employees using platforms such as Dropbox or Skype for business purposes. But these kinds of applications were largely designed with the consumer in mind – not for the business professional who might be handling sensitive content.”
That extends to devices, according to Raj Dodhiawala, senior vice president and general manager at Mantech Cyber Solutions International. “I know Millennials who want to use their personal devices at work because they are more powerful and capable than standard issue desktops,” he said.
Ignorance isn’t bliss
Dominique Singer, principal of Security Solutions Architecture at Hexis Cyber Solutions, contends that Millennials are poor at security not because they don’t care, but because they don’t know enough to care.
“They have grown up in a world of ‘data everywhere’ and ‘information everywhere,’” he said, “and have been conditioned to expect easy access to any kind of data, especially social media. They haven’t been conditioned, or even slightly educated, on the importance of protecting their data.”
Dodhiawala added that while Millennials do care about protecting their data, “they just don’t have a good sense for what constitutes private, personal or sensitive data.
“Putting their date of birth on Facebook is considered routine, for example,” he said. “Intuitively, they share first, and protect minimally.”
A matter of trust
Millennials tend to trust technology more than they should, according to Bain. “They just have implicit trust in apps, carriers and the devices they use, that anything they do or say is protected. They are 99% blind to the growing threatscape,” he said.
Pushing for privileges
Along with the expectation of instant communication comes the expectation of easy access. Avanessian said Millennials have grown up in an online world where access was always easy and immediate, and bring those expectations to the workplace, in the form of demands for elevated privileges.